#!/usr/bin/env bash
# Pin the command search path so the tools invoked below resolve from the
# standard system directories (the invoking user's ~/bin is searched last).
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH

# Script version; Update_Shell greps the remote copy for this assignment.
sh_ver="1.0.5"
# ocserv release that the install functions fetch and build.
ocserv_ver="0.11.8"

# Installed artefacts and state files.
file="/usr/local/sbin/ocserv" # server binary; its presence means "installed"
conf_file="/etc/ocserv"       # configuration directory (despite the name)
conf="/etc/ocserv/ocserv.conf"
passwd_file="/etc/ocserv/ocpasswd"
PID_FILE="/var/run/ocserv.pid"
# NOTE(review): this path sits in world-writable /tmp and is later removed
# with `rm -rf` by root; presumably it mirrors the log path used by the
# service script, which is not visible here - confirm before moving it.
log_file="/tmp/ocserv.log"

# ANSI colour sequences, expanded later by `echo -e`.
Green_font_prefix="\033[32m"
Red_font_prefix="\033[31m"
Green_background_prefix="\033[42;37m"
Red_background_prefix="\033[41;37m"
Font_color_suffix="\033[0m"

# Message prefixes: info, error, notice.
Info="${Green_font_prefix}[信息]${Font_color_suffix}"
Error="${Red_font_prefix}[错误]${Font_color_suffix}"
Tip="${Green_font_prefix}[注意]${Font_color_suffix}"

# Stop the script unless it runs with an effective UID of 0.
# Outputs: an error message on stdout for non-root callers
# Exits:   1 for non-root callers
# Returns: for root, the non-zero status of the failed "not root" test, as
#          before; callers do not look at it.
check_root() {
  if [[ $EUID == 0 ]]; then
    return 1
  fi
  echo -e "${Error} 当前非ROOT账号(或没有ROOT权限)，无法继续操作，请更换ROOT账号或使用 ${Green_background_prefix}sudo su${Font_color_suffix} 命令获取临时ROOT权限（执行后可能会提示输入当前账号的密码）。" && exit 1
}

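# Detect the running distribution and store it in the global `release`.
# Globals: release (written) - "centos", "debian", "ubuntu", or "" when no
#          probe matched.
# Probes run in the original order: /etc/redhat-release first, then
# /etc/issue, then /proc/version (debian, ubuntu, red-hat family in turn).
check_sys() {
  local probe
  # Start from a known value so a `release` variable inherited from the
  # environment cannot stand in for a real detection result.
  release=""
  if [[ -f /etc/redhat-release ]]; then
    release="centos"
    return 0
  fi
  for probe in /etc/issue /proc/version; do
    [[ -r "${probe}" ]] || continue
    if grep -q -i "debian" "${probe}"; then
      release="debian"
    elif grep -q -i "ubuntu" "${probe}"; then
      release="ubuntu"
    elif grep -q -E -i "centos|red hat|redhat" "${probe}"; then
      release="centos"
    fi
    if [[ -n "${release}" ]]; then
      return 0
    fi
  done
  return 0
}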

# Verify that the ocserv binary and its configuration file are present.
# Globals:   file, conf, Error (read)
# Arguments: $1 - pass "un" (uninstall) to tolerate a missing config file
# Exits:     1 when the binary is missing, or when the config file is
#            missing and $1 is not "un"
# Returns:   1 in every non-exiting case (status of the last failed test);
#            callers do not look at it.
check_installed_status() {
  if [[ ! -e ${file} ]]; then
    echo -e "${Error} ocserv 没有安装，请检查 !" && exit 1
  fi
  if [[ -e ${conf} ]]; then
    return 1
  fi
  echo -e "${Error} ocserv 配置文件不存在，请检查 !" && [[ $1 != "un" ]] && exit 1
}

# Load the recorded ocserv process id into the global PID.
# Globals: PID_FILE (read), PID (written) - empty when the PID file is absent
# NOTE(review): the value is taken from the file as-is; nothing here checks
# that it is numeric or that the process is still alive.
check_pid() {
  PID=""
  [[ -e ${PID_FILE} ]] || return 0
  PID=$(cat ${PID_FILE})
}
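# Ask three public lookup services, in turn, for this host's external address.
# Globals: ip (written) - the first plausible answer, or the placeholder
#          "VPS_IP" when no service returned one
#
# The URLs carry no scheme, so wget fetches them over plain HTTP and the
# reply is unauthenticated. The value is later written into a certificate
# template and printed with `echo -e`, so anything that does not look like
# an IPv4/IPv6 literal is discarded and the next service is tried.
Get_ip() {
  local endpoint answer
  ip=""
  for endpoint in ipinfo.io/ip api.ip.sb/ip members.3322.org/dyndns/getip; do
    answer=$(wget -qO- -t1 -T2 "${endpoint}")
    # Drop stray whitespace (e.g. a trailing CR) before validating.
    answer=${answer//[[:space:]]/}
    if [[ "${answer}" =~ ^[0-9A-Fa-f:.]+$ ]]; then
      ip="${answer}"
      return 0
    fi
  done
  ip="VPS_IP"
}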
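# Fetch the ocserv ${ocserv_ver} source tarball, build it and install it.
# Globals: ocserv_ver, Error (read)
# Outputs: download and build output on stdout/stderr
# Exits:   1 when the scratch directory, the download or a build step fails
#
# NOTE(security): the tarball arrives over plain FTP and nothing here checks
# a signature or checksum before ./configure and `make install` run (as root
# in the install flow, which calls check_root first). Verify the archive
# against a value obtained from the upstream project out of band.
# NOTE(review): this function does not install ${conf} (the former config
# download is disabled); Read_config, which the install flow calls later,
# exits when that file is missing - confirm the online path end to end.
Download_ocserv() {
  local tarball="ocserv-${ocserv_ver}.tar.xz"
  local src_dir="ocserv-${ocserv_ver}"
  local start_dir="${PWD}"
  local build_root="${PWD}/ocserv"

  # Build inside a scratch directory; refuse to continue in the caller's
  # directory when it cannot be created or entered.
  if ! { mkdir -p "${build_root}" && cd "${build_root}"; }; then
    echo -e "${Error} 无法创建编译目录 ocserv/ !"
    exit 1
  fi

  wget "ftp://ftp.infradead.org/pub/ocserv/${tarball}"
  if [[ ! -s "${tarball}" ]]; then
    echo -e "${Error} ocserv 源码文件下载失败 !"
    cd "${start_dir}" && rm -rf -- "${build_root}"
    exit 1
  fi

  # Chain the steps so a failed extraction can never lead to ./configure or
  # make running in the wrong directory. The version comes from ocserv_ver
  # instead of a second hard-coded copy.
  if ! { tar -xJf "${tarball}" && cd "${src_dir}" && ./configure && make && make install; }; then
    echo -e "${Error} ocserv 编译安装失败，请检查！"
    cd "${start_dir}" && rm -rf -- "${build_root}"
    exit 1
  fi

  cd "${start_dir}" && rm -rf -- "${build_root}"
}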
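# Download the Debian init script for ocserv and register it for boot.
# Globals: Error, Info (read)
# Exits:   1 (after rolling the installation back via `over`) when the
#          download fails
#
# The file is installed as an executable init script, i.e. it runs as root.
# TLS certificate verification is therefore left enabled (the download used
# to pass --no-check-certificate).
# NOTE(security): the URL tracks a branch head and no checksum is compared,
# so the installed content is whatever that branch serves at download time.
Service_ocserv() {
  if ! wget https://raw.githubusercontent.com/ToyoDAdoubiBackup/doubi/master/service/ocserv_debian -O /etc/init.d/ocserv; then
    echo -e "${Error} ocserv 服务 管理脚本下载失败 !"
    over
    # Stop here: without this the function went on to chmod, register the
    # service and report success after the rollback.
    exit 1
  fi
  chmod +x /etc/init.d/ocserv
  update-rc.d -f ocserv defaults
  echo -e "${Info} ocserv 服务 管理脚本下载完成 !"
}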

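# Install the init script from ./ocserv.service in the current directory.
# Globals: Error, Info (read)
# Exits:   1 (after rolling back via `over`) when the file is missing,
#          empty, or cannot be copied
# NOTE(review): the file is taken from the working directory as-is and then
# runs as root at boot; make sure that directory is not writable by others.
offline_service_ocserv() {
  if [[ -s "./ocserv.service" ]] && cp "./ocserv.service" /etc/init.d/ocserv; then
    chmod +x /etc/init.d/ocserv
    update-rc.d -f ocserv defaults
    echo -e "${Info} ocserv 服务 管理脚本部署完成 !"
    return 0
  fi
  echo -e "${Error} ocserv 服务管理脚本部署失败 !"
  over
  # Stop here: previously the caller carried on with the install after the
  # rollback had already removed everything.
  exit 1
}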
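# Print a pseudo-random integer in the range 10000..60000.
# Outputs: the number on stdout
# The value is derived from the clock (`date +%s%N`), so it is predictable;
# Generate_SSL only uses it as a label for the certificate CN/organization.
# Do not reuse it for secrets.
rand() {
  # Locals keep min/max/num from leaking into the script's global namespace.
  local -r floor=10000
  local -r span=$((60000 - floor + 1))
  local stamp
  stamp=$(date +%s%N)
  echo $((stamp % span + floor))
}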
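# Print a message, remove the scratch directory, roll back and stop.
# Arguments: $1 - message to print
#            $2 - scratch directory to delete (may be empty)
_generate_ssl_abort() {
  echo -e "$1"
  if [[ -n "$2" ]]; then
    rm -rf -- "$2"
  fi
  over
  exit 1
}

# Create a self-signed CA plus a server certificate and install both under
# /etc/ocserv/ssl.
# Globals: ip (written via Get_ip or the prompt), Error (read)
# Exits:   1 (after rollback via `over`) when any step fails or the
#          operator cancels the address prompt
#
# Changes compared with the earlier version:
#  - private keys are generated in a `mktemp -d` directory (mode 0700)
#    instead of the fixed, guessable /tmp/ssl, and end up mode 0600;
#  - every failure stops the function instead of carrying on after rollback;
#  - the address placed in the certificate must look like an address or host
#    name, so the "VPS_IP" placeholder or a malformed lookup reply leads to
#    the manual prompt instead of landing in the template;
#  - the working directory of the caller is left untouched.
# NOTE(review): the CA private key is kept on the server next to the server
# key; whether the ocserv configuration needs it there is not visible here.
Generate_SSL() {
  local ca_label work
  local ssl_dir="/etc/ocserv/ssl"
  ca_label=$(rand)

  work=$(mktemp -d) ||
    _generate_ssl_abort "${Error} 写入SSL证书签名模板失败(ca.tmpl) !" ""

  printf '%s\n' \
    "cn = \"${ca_label}\"" \
    "organization = \"${ca_label}\"" \
    'serial = 1' \
    'expiration_days = 365' \
    'ca' \
    'signing_key' \
    'cert_signing_key' \
    'crl_signing_key' >"${work}/ca.tmpl" ||
    _generate_ssl_abort "${Error} 写入SSL证书签名模板失败(ca.tmpl) !" "${work}"
  certtool --generate-privkey --outfile "${work}/ca-key.pem" ||
    _generate_ssl_abort "${Error} 生成SSL证书密匙文件失败(ca-key.pem) !" "${work}"
  certtool --generate-self-signed --load-privkey "${work}/ca-key.pem" \
    --template "${work}/ca.tmpl" --outfile "${work}/ca-cert.pem" ||
    _generate_ssl_abort "${Error} 生成SSL证书文件失败(ca-cert.pem) !" "${work}"

  Get_ip
  # The pattern has no underscore, so the "VPS_IP" placeholder fails it too.
  if [[ ! "${ip}" =~ ^[0-9A-Za-z:.-]+$ ]]; then
    echo -e "${Error} 检测外网IP失败 !"
    read -e -r -p "请手动输入你的服务器外网IP:" ip
    if [[ -z "${ip}" ]]; then
      _generate_ssl_abort "取消..." "${work}"
    fi
    if [[ ! "${ip}" =~ ^[0-9A-Za-z:.-]+$ ]]; then
      _generate_ssl_abort "${Error} 检测外网IP失败 !" "${work}"
    fi
  fi

  printf '%s\n' \
    "cn = \"${ip}\"" \
    "organization = \"${ca_label}\"" \
    'expiration_days = 365' \
    'signing_key' \
    'encryption_key' \
    'tls_www_server' >"${work}/server.tmpl" ||
    _generate_ssl_abort "${Error} 写入SSL证书签名模板失败(server.tmpl) !" "${work}"
  certtool --generate-privkey --outfile "${work}/server-key.pem" ||
    _generate_ssl_abort "${Error} 生成SSL证书密匙文件失败(server-key.pem) !" "${work}"
  certtool --generate-certificate --load-privkey "${work}/server-key.pem" \
    --load-ca-certificate "${work}/ca-cert.pem" --load-ca-privkey "${work}/ca-key.pem" \
    --template "${work}/server.tmpl" --outfile "${work}/server-cert.pem" ||
    _generate_ssl_abort "${Error} 生成SSL证书文件失败(server-cert.pem) !" "${work}"

  # -p also creates /etc/ocserv when an earlier step has not done so.
  if ! { mkdir -p "${ssl_dir}" &&
    mv -- "${work}/ca-cert.pem" "${work}/ca-key.pem" \
      "${work}/server-cert.pem" "${work}/server-key.pem" "${ssl_dir}/"; }; then
    _generate_ssl_abort "${Error} 安装SSL证书文件失败(${ssl_dir}) !" "${work}"
  fi
  chmod 600 "${ssl_dir}/ca-key.pem" "${ssl_dir}/server-key.pem"
  rm -rf -- "${work}"
}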
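# Install the build and runtime packages ocserv needs.
# Globals: release (read), Error (read)
# Exits:   1 when /dev/net/tun is missing, on CentOS, or when the
#          replacement package source list cannot be downloaded
#
# On Debian releases whose /etc/issue does not match the "9" test, the
# system's apt source list is swapped for one downloaded from GitHub for the
# duration of the install and then restored.
# NOTE(security): that list decides which repositories apt trusts during
# the install, so it is fetched with TLS verification enabled (the download
# used to pass --no-check-certificate) and only swapped in once a non-empty
# file has arrived. The URL tracks a branch head; no checksum is compared.
Installation_dependency() {
  local sources_url="https://raw.githubusercontent.com/ToyoDAdoubiBackup/doubi/master/sources/us.sources.list"
  local new_sources
  local -a packages=(
    vim net-tools pkg-config build-essential libgnutls28-dev libwrap0-dev
    liblz4-dev libseccomp-dev libreadline-dev libnl-nf-3-dev libev-dev
    gnutls-bin
  )

  if [[ ! -e "/dev/net/tun" ]]; then
    echo -e "${Error} 你的VPS没有开启TUN，请联系IDC或通过VPS控制面板打开TUN/TAP开关 !"
    exit 1
  fi
  if [[ ${release} = "centos" ]]; then
    echo -e "${Error} 本脚本不支持 CentOS 系统 !"
    exit 1
  fi

  # '9..*' is the expression grep actually received before (the unquoted
  # 9\..* lost its backslash to the shell): a "9" followed by at least one
  # more character.
  if [[ ${release} != "debian" ]] || grep -q '9..*' /etc/issue; then
    apt-get update
    apt-get install "${packages[@]}" -y
    return
  fi

  new_sources=$(mktemp) || exit 1
  if ! wget -O "${new_sources}" "${sources_url}" || [[ ! -s "${new_sources}" ]]; then
    rm -f -- "${new_sources}"
    echo -e "${Error} 软件源列表下载失败 !"
    exit 1
  fi
  mv /etc/apt/sources.list /etc/apt/sources.list.bak
  install -m 644 "${new_sources}" /etc/apt/sources.list
  rm -f -- "${new_sources}"
  apt-get update
  apt-get install "${packages[@]}" -y
  # Put the original source list back and refresh the package index.
  mv -f /etc/apt/sources.list.bak /etc/apt/sources.list
  apt-get update
}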

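# Install the build and runtime packages for the "offline" install path.
# The previous body was a line-for-line copy of Installation_dependency, so
# this now delegates to it and the two paths cannot drift apart.
# NOTE(review): despite the name this step still needs network access
# (apt-get, and on some Debian releases a source-list download); only the
# ocserv tarball, config and service script are taken from local files.
offline_installation_dependency() {
  Installation_dependency
}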

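# Build and install ocserv from ./ocserv-${ocserv_ver}.tar.xz and copy
# ./ocserv.conf into place.
# Globals: ocserv_ver, file, conf_file, conf, Error (read)
# Exits:   1 when the tarball or config file is missing, or when the build
#          did not produce ${file}
#
# NOTE(security): the tarball and config are taken from the current
# directory without any integrity check and the build runs as root in the
# install flow; run this only from a directory other users cannot write to.
offline_operation_ocserv() {
  local tarball="ocserv-${ocserv_ver}.tar.xz"
  local src_dir="ocserv-${ocserv_ver}"
  local start_dir="${PWD}"

  if [[ ! -s "./${tarball}" ]]; then
    # Nothing was created yet, so nothing is deleted here (the old code ran
    # `rm -rf ocserv/` against the operator's own directory).
    echo -e "${Error} 当前目录未找到 ocserv 源码文件 !"
    exit 1
  fi

  # Chained so a failed extraction cannot lead to ./configure or make
  # running in the operator's directory; the version comes from ocserv_ver.
  tar -xJf "${tarball}" && cd "${src_dir}" && ./configure && make && make install
  # Remove the extracted tree (the old cleanup targeted a directory that
  # was never created).
  cd "${start_dir}" && rm -rf -- "${start_dir}/${src_dir}"

  if [[ ! -e ${file} ]]; then
    echo -e "${Error} ocserv 编译安装失败，请检查！"
    exit 1
  fi

  # Looks like leftover debug output; kept so the visible output is unchanged.
  echo "${conf_file}"
  mkdir -p "${conf_file}"
  if [[ ! -s "./ocserv.conf" ]]; then
    echo -e "${Error} ocserv 配置文件未在当前目录下找到 !"
    rm -rf -- "${conf_file}"
    exit 1
  fi
  cp "./ocserv.conf" "${conf}"
}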

# Online installation: run every install stage in order, announcing each.
# Globals: file, Error, Info (read)
# Exits:   1 when not root (check_root) or when ${file} already exists;
#          individual stages may exit on their own errors
# NOTE(review): Download_ocserv does not place ${conf} and Read_config
# exits when it is missing - confirm this path still completes.
Install_ocserv() {
  local stage action
  check_root
  if [[ -e ${file} ]]; then
    echo -e "${Error} ocserv 已安装，请检查 !" && exit 1
  fi
  # Each entry is "<announcement>:<function> [<function> ...]".
  for stage in \
    "开始安装/配置 依赖...:Installation_dependency" \
    "开始下载/安装 配置文件...:Download_ocserv" \
    "开始下载/安装 服务脚本(init)...:Service_ocserv" \
    "开始自签SSL证书...:Generate_SSL" \
    "开始设置账号配置...:Read_config Set_Config" \
    "开始设置 iptables防火墙...:Set_iptables" \
    "开始添加 iptables防火墙规则...:Add_iptables" \
    "开始保存 iptables防火墙规则...:Save_iptables" \
    "所有步骤 安装完毕，开始启动...:Start_ocserv"; do
    echo -e "${Info} ${stage%%:*}"
    # Unquoted on purpose: the part after the colon is a list of functions.
    for action in ${stage#*:}; do
      "${action}"
    done
  done
}

# Offline installation: same stages as Install_ocserv, but the source
# tarball, config file and service script come from the current directory.
# Globals: file, Error, Info (read)
# Exits:   1 when not root (check_root) or when ${file} already exists;
#          individual stages may exit on their own errors
offline_install_ocserv() {
  local stage action
  check_root
  if [[ -e ${file} ]]; then
    echo -e "${Error} ocserv 已安装，请检查 !" && exit 1
  fi
  # Each entry is "<announcement>:<function> [<function> ...]".
  for stage in \
    "开始安装/配置 依赖...:offline_installation_dependency" \
    "开始下载/安装 配置文件...:offline_operation_ocserv" \
    "开始下载/安装 服务脚本(init)...:offline_service_ocserv" \
    "开始自签SSL证书...:Generate_SSL" \
    "开始设置账号配置...:Read_config Set_Config" \
    "开始设置 iptables防火墙...:Set_iptables" \
    "开始添加 iptables防火墙规则...:Add_iptables" \
    "开始保存 iptables防火墙规则...:Save_iptables" \
    "所有步骤 安装完毕，开始启动...:Start_ocserv"; do
    echo -e "${Info} ${stage%%:*}"
    # Unquoted on purpose: the part after the colon is a list of functions.
    for action in ${stage#*:}; do
      "${action}"
    done
  done
}

# Start ocserv through its init script and show the connection details.
# Globals: PID (read, refreshed by check_pid), Error (read)
# Exits:   1 when a PID is already recorded (service considered running)
# Returns: 1 when no PID is recorded two seconds after the start request,
#          otherwise the status of View_Config
Start_ocserv() {
  check_installed_status
  check_pid
  if [[ -n ${PID} ]]; then
    echo -e "${Error} ocserv 正在运行，请检查 !" && exit 1
  fi
  /etc/init.d/ocserv start
  # Give the daemon a moment to write its PID file before looking again.
  sleep 2s
  check_pid
  [[ -n ${PID} ]] || return 1
  View_Config
}
# Stop ocserv through its init script.
# Globals: PID (read, refreshed by check_pid), Error (read)
# Exits:   1 when no PID is recorded (service considered stopped)
Stop_ocserv() {
  check_installed_status
  check_pid
  if [[ -z ${PID} ]]; then
    echo -e "${Error} ocserv 没有运行，请检查 !" && exit 1
  fi
  /etc/init.d/ocserv stop
}
# Restart ocserv: stop it when a PID is recorded, start it again and show
# the connection details once it is up.
# Globals: PID (read, refreshed by check_pid)
# Returns: 1 when no PID is recorded two seconds after the start request,
#          otherwise the status of View_Config
Restart_ocserv() {
  check_installed_status
  check_pid
  if [[ -n ${PID} ]]; then
    /etc/init.d/ocserv stop
  fi
  /etc/init.d/ocserv start
  # Give the daemon a moment to write its PID file before looking again.
  sleep 2s
  check_pid
  [[ -n ${PID} ]] || return 1
  View_Config
}
# Open the configuration file in vim, then move the firewall rules from the
# old ports to the edited ones and offer a restart.
# Globals: conf, Error (read); tcp_port, udp_port (written: ports before the
#          edit); set_tcp_port, set_udp_port (written: ports after the edit);
#          yn (written)
# Exits:   1 when the configuration file does not exist
# NOTE(review): unlike Read_config, the port lookups here do not skip
# comment lines, and the edited values are handed to iptables unvalidated.
Set_ocserv() {
  if [[ ! -e ${conf} ]]; then
    echo -e "${Error} ocserv 配置文件不存在 !" && exit 1
  fi

  # Ports as configured before the edit (used to delete the old rules).
  tcp_port=$(grep "tcp-port =" ${conf} | awk -F ' = ' '{print $NF}')
  udp_port=$(grep "udp-port =" ${conf} | awk -F ' = ' '{print $NF}')

  vim ${conf}

  # Ports as configured after the edit (used to add the new rules).
  set_tcp_port=$(grep "tcp-port =" ${conf} | awk -F ' = ' '{print $NF}')
  set_udp_port=$(grep "udp-port =" ${conf} | awk -F ' = ' '{print $NF}')

  Del_iptables
  Add_iptables
  Save_iptables

  echo "是否重启 ocserv ? (Y/n)"
  read -e -p "(默认: Y):" yn
  if [[ -z ${yn} ]]; then
    yn="y"
  fi
  [[ ${yn} == [Yy] ]] || return 0
  Restart_ocserv
}
# Prompt for the VPN account name, defaulting to "admin" on empty input.
# Globals: username (written), Red_font_prefix, Font_color_suffix (read)
# Outputs: the prompt and an echo of the chosen name
Set_username() {
  echo "请输入 要添加的VPN账号 用户名"
  read -e -p "(默认: admin):" username
  if [[ -z "${username}" ]]; then
    username="admin"
  fi
  echo &&
    echo -e "	用户名 : ${Red_font_prefix}${username}${Font_color_suffix}" &&
    echo
}
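# Prompt for the VPN account password.
# Globals: userpass (written), Error, Red_font_prefix, Font_color_suffix (read)
# Outputs: the prompt and the chosen password (shown once so the operator
#          can note it down)
# Exits:   1 when no password was entered and none could be generated
#
# Empty input used to fall back to a fixed password that is printed in this
# script, so every default install shared the same credential. A random
# 16-character password is generated instead.
Set_passwd() {
  echo "请输入 要添加的VPN账号 密码"
  # -r keeps backslashes in the typed password intact.
  read -e -r -p "(默认: 随机生成):" userpass
  if [[ -z "${userpass}" ]]; then
    userpass=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 16)
  fi
  if [[ -z "${userpass}" ]]; then
    echo -e "${Error} 无法生成随机密码 !"
    exit 1
  fi
  # %s prints the password verbatim; only the colour codes are expanded.
  printf '\n\t密码 : %b%s%b\n\n' "${Red_font_prefix}" "${userpass}" "${Font_color_suffix}"
}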
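# Prompt until a valid TCP port (1-65535) is entered; empty input means 443.
# Globals: set_tcp_port (written), Error, Red_font_prefix,
#          Font_color_suffix (read)
# Exits:   1 when input ends (EOF) without a valid port
#
# The answer is checked with a digits-only pattern before any arithmetic.
# The earlier check evaluated the raw text as a shell arithmetic expression,
# which accepted input such as "4+4" as a port.
Set_tcp_port() {
  local at_eof
  while true; do
    at_eof=0
    echo -e "请输入VPN服务端的TCP端口"
    read -e -r -p "(默认: 443):" set_tcp_port || at_eof=1
    [[ -z "$set_tcp_port" ]] && set_tcp_port="443"
    # 10# forces base 10 so a leading zero is not read as octal.
    if [[ "${set_tcp_port}" =~ ^[0-9]{1,5}$ ]] &&
      ((10#${set_tcp_port} >= 1 && 10#${set_tcp_port} <= 65535)); then
      set_tcp_port=$((10#${set_tcp_port}))
      echo && echo -e "\tTCP端口 : ${Red_font_prefix}${set_tcp_port}${Font_color_suffix}" && echo
      break
    fi
    echo -e "${Error} 请输入正确的数字！"
    # Do not spin forever when stdin is exhausted.
    if ((at_eof)); then
      exit 1
    fi
  done
}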
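# Prompt until a valid UDP port (1-65535) is entered; empty input reuses the
# TCP port chosen earlier.
# Globals: set_udp_port (written), set_tcp_port, Error, Red_font_prefix,
#          Font_color_suffix (read)
# Exits:   1 when input ends (EOF) without a valid port
#
# The answer is checked with a digits-only pattern before any arithmetic
# (the earlier check evaluated the raw text as an arithmetic expression),
# and the confirmation line now says UDP instead of TCP.
Set_udp_port() {
  local at_eof
  while true; do
    at_eof=0
    echo -e "请输入VPN服务端的UDP端口"
    read -e -r -p "(默认: ${set_tcp_port}):" set_udp_port || at_eof=1
    [[ -z "$set_udp_port" ]] && set_udp_port="${set_tcp_port}"
    # 10# forces base 10 so a leading zero is not read as octal.
    if [[ "${set_udp_port}" =~ ^[0-9]{1,5}$ ]] &&
      ((10#${set_udp_port} >= 1 && 10#${set_udp_port} <= 65535)); then
      set_udp_port=$((10#${set_udp_port}))
      echo && echo -e "\tUDP端口 : ${Red_font_prefix}${set_udp_port}${Font_color_suffix}" && echo
      break
    fi
    echo -e "${Error} 请输入正确的数字！"
    # Do not spin forever when stdin is exhausted.
    if ((at_eof)); then
      exit 1
    fi
  done
}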
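# Create the first VPN account and write the chosen ports into the config.
# Globals: username, userpass, set_tcp_port, set_udp_port (set by the
#          prompt helpers), passwd_file, conf, Error (read)
# Exits:   1 when a chosen port is not a plain number
#
# The password goes to ocpasswd on stdin (not argv) and is written with
# printf so backslashes in it are not interpreted. The port lines are
# rewritten by key instead of by their previous value, so an empty or stale
# tcp_port/udp_port can no longer produce a mangled line, and commented-out
# examples are left alone.
Set_Config() {
  Set_username
  Set_passwd
  printf '%s\n%s\n' "${userpass}" "${userpass}" | ocpasswd -c "${passwd_file}" "${username}"
  Set_tcp_port
  Set_udp_port
  # The values end up inside a sed expression; accept digits only.
  if [[ ! "${set_tcp_port}" =~ ^[0-9]+$ || ! "${set_udp_port}" =~ ^[0-9]+$ ]]; then
    echo -e "${Error} 请输入正确的数字！"
    exit 1
  fi
  sed -i \
    -e "s/^\([[:space:]]*\)tcp-port = .*/\1tcp-port = ${set_tcp_port}/" \
    -e "s/^\([[:space:]]*\)udp-port = .*/\1udp-port = ${set_udp_port}/" \
    "${conf}"
}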
# Load the port and client-limit settings from the ocserv config file.
# Globals: conf, Error (read); conf_text, tcp_port, udp_port,
#          max_same_clients, max_clients (written)
# Exits:   1 when the configuration file does not exist
# Lines containing '#' anywhere are ignored before the lookups.
Read_config() {
  local mapping setting
  if [[ ! -e ${conf} ]]; then
    echo -e "${Error} ocserv 配置文件不存在 !" && exit 1
  fi
  conf_text=$(grep -v '#' ${conf})
  # Each entry is "<config key>:<shell variable that receives the value>".
  for mapping in \
    "tcp-port:tcp_port" \
    "udp-port:udp_port" \
    "max-same-clients:max_same_clients" \
    "max-clients:max_clients"; do
    setting=$(echo -e "${conf_text}" | grep "${mapping%%:*} =" | awk -F ' = ' '{print $NF}')
    printf -v "${mapping#*:}" '%s' "${setting}"
  done
}
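# Print every account in the ocpasswd file with its enabled/disabled state.
# Globals: passwd_file, Error, Green_font_prefix, Font_color_suffix (read);
#          User_num (written: number of lines read), user_list_all,
#          user_name, user_status (written)
# Outputs: a total followed by one line per account; nothing for an empty file
# Exits:   1 when the password file does not exist
#
# The file is read once, line by line (the earlier version re-ran awk and
# sed over the whole file for every account), and names are printed
# verbatim instead of passing through an unquoted `echo -e`.
# An account counts as disabled when its last ':'-separated field starts
# with '!'.
List_User() {
  local line
  if [[ ! -e ${passwd_file} ]]; then
    echo -e "${Error} ocserv 账号配置文件不存在 !" && exit 1
  fi
  User_num=0
  user_list_all=""
  while IFS= read -r line || [[ -n "${line}" ]]; do
    User_num=$((User_num + 1))
    user_name=${line%%:*}
    if [[ "${line##*:}" == '!'* ]]; then
      user_status="禁用"
    else
      user_status="启用"
    fi
    user_list_all+="用户名: ${user_name} 账号状态: ${user_status}"$'\n'
  done <"${passwd_file}"
  if ((User_num == 0)); then
    return 0
  fi
  echo && echo -e "用户总数 ${Green_font_prefix}${User_num}${Font_color_suffix}"
  printf '%s\n' "${user_list_all}"
}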
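# Prompt for a name and password and add the account with ocpasswd.
# Globals: username, userpass (set by the prompt helpers), passwd_file,
#          Error, Info (read); user_status (written)
# Exits:   1 when the name already exists or the account is missing from
#          the file after ocpasswd ran
#
# Existence is decided by an exact match on the first ':'-separated field.
# The earlier `grep "<name>:*:"` treated the name as an unanchored regular
# expression, so "bob" also matched an existing "xbob".
# The password goes to ocpasswd on stdin via printf, so backslashes in it
# are not interpreted.
Add_User() {
  local exact='$1 == ENVIRON["OCSERV_USER"] { print; exit }'
  Set_username
  Set_passwd
  user_status=$(OCSERV_USER="${username}" awk -F: "${exact}" "${passwd_file}")
  if [[ -n ${user_status} ]]; then
    echo -e "${Error} 用户名已存在 ![ ${username} ]" && exit 1
  fi
  printf '%s\n%s\n' "${userpass}" "${userpass}" | ocpasswd -c "${passwd_file}" "${username}"
  user_status=$(OCSERV_USER="${username}" awk -F: "${exact}" "${passwd_file}")
  if [[ -n ${user_status} ]]; then
    echo -e "${Info} 账号添加成功 ![ ${username} ]"
  else
    echo -e "${Error} 账号添加失败 ![ ${username} ]" && exit 1
  fi
}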
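# List the accounts, prompt for one and delete it with ocpasswd.
# Globals: passwd_file, Error, Info (read); User_num (read, set by
#          List_User); Del_username, user_status (written)
# Exits:   1 when only one account is left, the prompt is cancelled, the
#          name does not exist, or the account is still present afterwards
#
# Existence is decided by an exact match on the first ':'-separated field.
# The earlier `grep "<name>:*:"` was an unanchored regular expression, so a
# different account ending in the same text made the checks misfire.
Del_User() {
  local exact='$1 == ENVIRON["OCSERV_USER"] { print; exit }'
  List_User
  [[ ${User_num} == 1 ]] && echo -e "${Error} 当前仅剩一个账号配置，无法删除 !" && exit 1
  echo -e "请输入要删除的VPN账号的用户名"
  read -e -r -p "(默认取消):" Del_username
  [[ -z "${Del_username}" ]] && echo "已取消..." && exit 1
  user_status=$(OCSERV_USER="${Del_username}" awk -F: "${exact}" "${passwd_file}")
  if [[ -z ${user_status} ]]; then
    echo -e "${Error} 用户名不存在 ! [${Del_username}]" && exit 1
  fi
  ocpasswd -c "${passwd_file}" -d "${Del_username}"
  user_status=$(OCSERV_USER="${Del_username}" awk -F: "${exact}" "${passwd_file}")
  if [[ -z ${user_status} ]]; then
    echo -e "${Info} 删除成功 ! [${Del_username}]"
  else
    echo -e "${Error} 删除失败 ! [${Del_username}]" && exit 1
  fi
}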
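# List the accounts, prompt for one and toggle it between enabled and
# disabled with ocpasswd (-u unlocks, -l locks).
# Globals: passwd_file, Error, Info (read); Modify_username, user_status
#          (written)
# Exits:   1 when the prompt is cancelled, the name does not exist, or the
#          state did not change
#
# The account is looked up by an exact match on the first ':'-separated
# field. The earlier `grep "<name>:*:"` was an unanchored regular expression
# and could return several lines, which broke the '!' comparison.
# An account counts as disabled when its last field starts with '!'.
Modify_User_disabled() {
  local exact='$1 == ENVIRON["OCSERV_USER"] { print; exit }'
  local lock_flag='$1 == ENVIRON["OCSERV_USER"] { print substr($NF, 1, 1); exit }'
  List_User
  echo -e "请输入要启用/禁用的VPN账号的用户名"
  read -e -r -p "(默认取消):" Modify_username
  [[ -z "${Modify_username}" ]] && echo "已取消..." && exit 1
  user_status=$(OCSERV_USER="${Modify_username}" awk -F: "${exact}" "${passwd_file}")
  if [[ -z ${user_status} ]]; then
    echo -e "${Error} 用户名不存在 ! [${Modify_username}]" && exit 1
  fi
  user_status=$(OCSERV_USER="${Modify_username}" awk -F: "${lock_flag}" "${passwd_file}")
  if [[ ${user_status} == '!' ]]; then
    ocpasswd -c "${passwd_file}" -u "${Modify_username}"
    user_status=$(OCSERV_USER="${Modify_username}" awk -F: "${lock_flag}" "${passwd_file}")
    if [[ ${user_status} != '!' ]]; then
      echo -e "${Info} 启用成功 ! [${Modify_username}]"
    else
      echo -e "${Error} 启用失败 ! [${Modify_username}]" && exit 1
    fi
  else
    ocpasswd -c "${passwd_file}" -l "${Modify_username}"
    user_status=$(OCSERV_USER="${Modify_username}" awk -F: "${lock_flag}" "${passwd_file}")
    if [[ ${user_status} == '!' ]]; then
      echo -e "${Info} 禁用成功 ! [${Modify_username}]"
    else
      echo -e "${Error} 禁用失败 ! [${Modify_username}]" && exit 1
    fi
  fi
}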
# Account-management submenu: list, add, delete, or enable/disable accounts.
# Globals: set_num (written), Green_font_prefix, Font_color_suffix,
#          Error (read)
# Exits:   1 on empty or unknown input
Set_Pass() {
  check_installed_status
  echo && echo -e " 你要做什么？

 ${Green_font_prefix} 0.${Font_color_suffix} 列出 账号配置
————————
 ${Green_font_prefix} 1.${Font_color_suffix} 添加 账号配置
 ${Green_font_prefix} 2.${Font_color_suffix} 删除 账号配置
————————
 ${Green_font_prefix} 3.${Font_color_suffix} 启用/禁用 账号配置

 注意：添加/修改/删除 账号配置后，VPN服务端会实时读取，无需重启服务端 !" && echo
  read -e -p "(默认: 取消):" set_num
  if [[ -z "${set_num}" ]]; then
    echo "已取消..." && exit 1
  fi
  case "${set_num}" in
  "0") List_User ;;
  "1") Add_User ;;
  "2") Del_User ;;
  "3") Modify_User_disabled ;;
  *) echo -e "${Error} 请输入正确的数字[1-3]" && exit 1 ;;
  esac
}
# Clear the screen and print the connection details clients need.
# Globals: ip (set by Get_ip); tcp_port, udp_port, max_same_clients,
#          max_clients (set by Read_config); Green_font_prefix,
#          Font_color_suffix (read)
# NOTE(review): the address comes from an external lookup service and is
# printed through `echo -e`, which interprets backslash escapes in it.
View_Config() {
  Get_ip
  Read_config
  local hl_on="${Green_font_prefix}" hl_off="${Font_color_suffix}"
  local rule="==================================================="
  clear && echo "${rule}" && echo
  echo -e " AnyConnect 配置信息：" && echo
  echo -e " I  P\t\t  : ${hl_on}${ip}${hl_off}"
  echo -e " TCP端口\t  : ${hl_on}${tcp_port}${hl_off}"
  echo -e " UDP端口\t  : ${hl_on}${udp_port}${hl_off}"
  echo -e " 单用户设备数限制 : ${hl_on}${max_same_clients}${hl_off}"
  echo -e " 总用户设备数限制 : ${hl_on}${max_clients}${hl_off}"
  echo -e "\n 客户端链接请填写 : ${hl_on}${ip}:${tcp_port}${hl_off}"
  echo && echo "${rule}"
}
# Follow the ocserv log file until interrupted with Ctrl+C.
# Globals: log_file, Error, Tip, Red_font_prefix, Font_color_suffix (read)
# Exits:   1 when the log file does not exist
View_Log() {
  if [[ ! -e ${log_file} ]]; then
    echo -e "${Error} ocserv 日志文件不存在 !" && exit 1
  fi
  echo &&
    echo -e "${Tip} 按 ${Red_font_prefix}Ctrl+C${Font_color_suffix} 终止查看日志" &&
    echo -e "如果需要查看完整日志内容，请用 ${Red_font_prefix}cat ${log_file}${Font_color_suffix} 命令。" &&
    echo
  tail -f ${log_file}
}
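# Ask for confirmation, then stop ocserv and remove everything the install
# put on the system.
# Globals: PID, PID_FILE, conf, conf_file, log_file (read); unyn (written)
#
# Changes compared with the earlier version:
#  - files are removed by absolute path; the old `cd DIR && rm -f A` /
#    `rm -f B` pairs deleted B from whatever directory was current when the
#    cd failed;
#  - the PID read from the PID file must be numeric before it is passed to
#    kill;
#  - the firewall rules are only looked up when the config file exists
#    (Read_config exits otherwise, which made an install without a config
#    file impossible to remove even though "un" is passed to
#    check_installed_status for exactly that case).
Uninstall_ocserv() {
  check_installed_status "un"
  echo "确定要卸载 ocserv ? (y/N)"
  echo
  read -e -p "(默认: n):" unyn
  [[ -z ${unyn} ]] && unyn="n"
  if [[ ${unyn} != [Yy] ]]; then
    echo && echo "卸载已取消..." && echo
    return
  fi

  check_pid
  if [[ "${PID}" =~ ^[0-9]+$ ]]; then
    kill -9 "${PID}" && rm -f "${PID_FILE}"
  fi
  if [[ -e ${conf} ]]; then
    Read_config
    Del_iptables
    Save_iptables
  fi
  update-rc.d -f ocserv remove
  rm -rf /etc/init.d/ocserv
  rm -rf -- "${conf_file}"
  rm -rf -- "${log_file}"
  rm -f /usr/local/bin/occtl /usr/local/bin/ocpasswd /usr/local/bin/ocserv-fw
  rm -f /usr/local/sbin/ocserv
  rm -f /usr/local/share/man/man8/ocserv.8 \
    /usr/local/share/man/man8/ocpasswd.8 \
    /usr/local/share/man/man8/occtl.8
  echo && echo "ocserv 卸载完成 !" && echo
}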
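# Roll back a failed installation: remove the service registration, the
# configuration directory, the log file and the installed binaries and man
# pages, then stop the script.
# Globals: conf_file, log_file (read)
# Exits:   1, always. Every caller invokes this on an error path, and
#          returning to the caller let the install continue on a system
#          that had just been cleaned up.
#
# Files are removed by absolute path; the old `cd DIR && rm -f A` /
# `rm -f B` pairs deleted B from whatever directory was current when the cd
# failed.
over() {
  update-rc.d -f ocserv remove
  rm -rf /etc/init.d/ocserv
  rm -rf -- "${conf_file}"
  rm -rf -- "${log_file}"
  rm -f /usr/local/bin/occtl /usr/local/bin/ocpasswd /usr/local/bin/ocserv-fw
  rm -f /usr/local/sbin/ocserv
  rm -f /usr/local/share/man/man8/ocserv.8 \
    /usr/local/share/man/man8/ocpasswd.8 \
    /usr/local/share/man/man8/occtl.8
  echo && echo "安装过程错误，ocserv 卸载完成 !" && echo
  exit 1
}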
# Insert INPUT rules that accept new connections on the chosen ports.
# Globals: set_tcp_port, set_udp_port (read)
# The rules match on destination port only; no source restriction is set.
Add_iptables() {
  local proto port_ref
  for proto in tcp udp; do
    port_ref="set_${proto}_port"
    # Left unquoted, as before, so the expansion is word-split the same way.
    iptables -I INPUT -m state --state NEW -m ${proto} -p ${proto} --dport ${!port_ref} -j ACCEPT
  done
}
# Delete the INPUT accept rules for the currently configured ports.
# Globals: tcp_port, udp_port (read)
Del_iptables() {
  local proto port_ref
  for proto in tcp udp; do
    port_ref="${proto}_port"
    # Left unquoted, as before, so the expansion is word-split the same way.
    iptables -D INPUT -m state --state NEW -m ${proto} -p ${proto} --dport ${!port_ref} -j ACCEPT
  done
}
# Dump the live iptables rule set to the file that the if-pre-up hook
# written by Set_iptables restores from.
Save_iptables() {
  local rules_file="/etc/iptables.up.rules"
  iptables-save >"${rules_file}"
}
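# Enable IPv4 forwarding, add a MASQUERADE rule on the outbound interface
# and make the saved rule set load before the network comes up.
# Globals: Error (read); ifconfig_status, Network_card (written)
# Exits:   1 when the operator leaves the interface prompt empty
#
# Changes compared with the earlier version:
#  - the forwarding line is appended to /etc/sysctl.conf only when it is
#    not already there, and the NAT rule is only added when an identical
#    one does not exist, so repeated runs do not pile up duplicates;
#  - the interface name is quoted when passed to iptables.
# The interface is picked by looking for eth0, ens3 and venet0 (in that
# order) in the ifconfig output; otherwise the operator is asked.
# NOTE(review): the MASQUERADE rule has no source match, so it applies to
# all traffic forwarded out of that interface, not only VPN clients.
Set_iptables() {
  local candidate
  if ! grep -q -x -F "net.ipv4.ip_forward=1" /etc/sysctl.conf 2>/dev/null; then
    echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf
  fi
  sysctl -p

  ifconfig_status=$(ifconfig)
  Network_card=""
  if [[ -z ${ifconfig_status} ]]; then
    echo -e "${Error} ifconfig 未安装 !"
    read -e -r -p "请手动输入你的网卡名(一般情况下，网卡名为 eth0，Debian9 则为 ens3，CentOS Ubuntu 最新版本可能为 enpXsX(X代表数字或字母)，OpenVZ 虚拟化则为 venet0):" Network_card
    [[ -z "${Network_card}" ]] && echo "取消..." && exit 1
  else
    for candidate in eth0 ens3 venet0; do
      if grep -q "${candidate}" <<<"${ifconfig_status}"; then
        Network_card="${candidate}"
        break
      fi
    done
    if [[ -z "${Network_card}" ]]; then
      # Show the interfaces so the operator can pick one.
      printf '%s\n' "${ifconfig_status}"
      read -e -r -p "检测到本服务器的网卡非 eth0 \ ens3(Debian9) \ venet0(OpenVZ) \ enpXsX(CentOS Ubuntu 最新版本，X代表数字或字母)，请根据上面输出的网卡信息手动输入你的网卡名:" Network_card
      [[ -z "${Network_card}" ]] && echo "取消..." && exit 1
    fi
  fi

  if ! iptables -t nat -C POSTROUTING -o "${Network_card}" -j MASQUERADE 2>/dev/null; then
    iptables -t nat -A POSTROUTING -o "${Network_card}" -j MASQUERADE
  fi

  iptables-save >/etc/iptables.up.rules
  printf '%s\n' '#!/bin/bash' '/sbin/iptables-restore < /etc/iptables.up.rules' \
    >/etc/network/if-pre-up.d/iptables
  chmod +x /etc/network/if-pre-up.d/iptables
}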
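# Replace ./ocserv.sh (and, when installed, the init script) with the
# current copy from GitHub.
# Globals: Error (read); sh_new_ver, sh_new_type (written)
# Exits:   0 when the version lookup fails (as before) and after a
#          successful update; 1 when the script download fails
#
# The downloaded file replaces a script that is run as root, so TLS
# certificate verification is left enabled (both downloads used to pass
# --no-check-certificate) and the success message is only printed when
# wget actually succeeded.
# NOTE(security): the URL tracks a branch head and no signature or checksum
# is compared; review the downloaded script before running it.
# NOTE(review): the existing init script is deleted before its replacement
# is fetched, and Service_ocserv rolls the whole installation back when that
# download fails.
Update_Shell() {
  local script_url="https://raw.githubusercontent.com/ToyoDAdoubiBackup/doubi/master/ocserv.sh"
  sh_new_ver=$(wget -qO- -t1 -T3 "${script_url}" | grep 'sh_ver="' | awk -F "=" '{print $NF}' | sed 's/\"//g' | head -1) && sh_new_type="github"
  [[ -z ${sh_new_ver} ]] && echo -e "${Error} 无法链接到 Github !" && exit 0
  if [[ -e "/etc/init.d/ocserv" ]]; then
    rm -rf /etc/init.d/ocserv
    Service_ocserv
  fi
  if ! wget -N "${script_url}"; then
    echo -e "${Error} 脚本下载失败 !"
    exit 1
  fi
  chmod +x ocserv.sh
  echo -e "脚本已更新为最新版本[ ${sh_new_ver} ] !(注意：因为更新方式为直接覆盖当前运行的脚本，所以可能下面会提示一些报错，无视即可)" && exit 0
}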

# Entry point: refuse unsupported systems, print the menu and the current
# install/run state, then dispatch on the operator's choice.
check_sys
if [[ ${release} != "debian" && ${release} != "ubuntu" ]]; then
  echo -e "${Error} 本脚本不支持当前系统 ${release} !" && exit 1
fi
echo && echo -e " ocserv 一键安装管理脚本 ${Red_font_prefix}[v${sh_ver}]${Font_color_suffix}
  -- Toyo | doub.io/vpnzy-7 --

 ${Green_font_prefix}0.${Font_color_suffix} 升级脚本
————————————
 ${Green_font_prefix}1.${Font_color_suffix} 安装 ocserv
 ${Green_font_prefix}2.${Font_color_suffix} 卸载 ocserv
————————————
 ${Green_font_prefix}3.${Font_color_suffix} 启动 ocserv
 ${Green_font_prefix}4.${Font_color_suffix} 停止 ocserv
 ${Green_font_prefix}5.${Font_color_suffix} 重启 ocserv
————————————
 ${Green_font_prefix}6.${Font_color_suffix} 设置 账号配置
 ${Green_font_prefix}7.${Font_color_suffix} 查看 配置信息
 ${Green_font_prefix}8.${Font_color_suffix} 修改 配置文件
 ${Green_font_prefix}9.${Font_color_suffix} 查看 日志信息
 ${Green_font_prefix}10.${Font_color_suffix}安装 ocserv offline
————————————" && echo

# Status line: not installed / installed and running / installed but stopped.
if [[ ! -e ${file} ]]; then
  echo -e " 当前状态: ${Red_font_prefix}未安装${Font_color_suffix}"
else
  check_pid
  if [[ -n "${PID}" ]]; then
    echo -e " 当前状态: ${Green_font_prefix}已安装${Font_color_suffix} 并 ${Green_font_prefix}已启动${Font_color_suffix}"
  else
    echo -e " 当前状态: ${Green_font_prefix}已安装${Font_color_suffix} 但 ${Red_font_prefix}未启动${Font_color_suffix}"
  fi
fi
echo
read -e -p " 请输入数字 [0-9]:" num

# Menu dispatch; 10 is accepted even though the prompt says [0-9].
case "$num" in
0) Update_Shell ;;
1) Install_ocserv ;;
2) Uninstall_ocserv ;;
3) Start_ocserv ;;
4) Stop_ocserv ;;
5) Restart_ocserv ;;
6) Set_Pass ;;
7) View_Config ;;
8) Set_ocserv ;;
9) View_Log ;;
10) offline_install_ocserv ;;
*) echo "请输入正确数字 [0-9]" ;;
esac
